There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
CVE-2021-3518 - High Severity Vulnerability
Library home page: https://source.codeaurora.org/external/simcom/platform/external/libxml2/
Found in HEAD commit: 75af0faf834e3cb12c1fcc612ceabb4d8e3058a9
Found in base branch: master
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
Publish Date: 2021-05-18
URL: CVE-2021-3518
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-3518
Release Date: 2021-05-18
Fix Resolution: libxml2-debuginfo - 2.9.7-9,2.9.7-9;libxml2 - 2.9.7-9,2.9.7-9,2.9.7-9,2.9.7-9,2.9.7-9,2.9.7-9;python3-libxml2-debuginfo - 2.9.7-9,2.9.7-9;python3-libxml2 - 2.9.7-9,2.9.7-9,2.9.7-9,2.9.7-9;libxml2-devel - 2.9.7-9,2.9.7-9,2.9.7-9,2.9.7-9,2.9.7-9;libxml2-debugsource - 2.9.7-9,2.9.7-9
Step up your Open Source Security Game with Mend here